> ## Documentation Index > Fetch the complete documentation index at: https://gcore.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Issue Let's Encrypt certificate > Issue free Let's Encrypt certificate for the CDN resource. Before issuing the certificate, you need to: - Delegate your domain to our name servers, if the CDN resource accelerates the entire site. - Specify all CNAMEs in the personal zone, if the CDN resource accelerates only static resources. - Create a Let's Encrypt certificate as described [here](/docs/api-reference/cdn/ssl-certificates/add-ssl-certificate). Let's Encrypt certificates will be issued for all CNAMEs of the CDN resource. Certificate issuing can take up to fifteen minutes. By default, we issue an ECDSA Let's Encrypt certificate. If you need a **RSA** certificate, you can [enable](/docs/api-reference/cdn/cdn-resources/change-cdn-resource) the "use_rsa_le_cert" option for your CDN resource. **Notes:** - When a certificate is issued, it will be applied to the CDN resource and HTTPS will be enabled automatically. - Let's Encrypt certificate will be automatically renewed before the expiration date. - Let's Encrypt certificate will be automatically updated and applied when deleting or adding additional CNAMEs of the CDN resource. **Challenge types:** By default, we issue Let's Encrypt certificates using the **HTTP-01** challenge. If you prefer to use **DNS-01** challenge, you can enable the "use_dns01_le_challenge" option for your CDN resource. Read more about [challenge types][1]. To issue Let's Encrypt certificate using the **DNS-01** challenge the steps below should be done before request issuance: 1. The DNS service is activated. 2. `use_dns01_le_challenge` [option](/docs/api-reference/cdn/cdn-resources/change-cdn-resource) is enabled. 3. `_acme-challenge` subdomain or resource's domain is delegated to our nameservers. To find out the nameservers for your account, use the GET request `/dns/v2/platform/info`. Use retrieved `name_server_1` and `name_server_2` values from the settings object to create NS records. [1]: https://letsencrypt.org/docs/challenge-types/ ## OpenAPI ````yaml /api-reference/services_documented/cdn_api.yaml patch /cdn/resources/{id} openapi: 3.1.0 info: title: Gcore OpenAPI – CDN API description: >- This OpenAPI is an aggregated OpenAPI specification that unifies all Gcore products into a single file. It covers Cloud, CDN, DNS, WAAP, DDoS Protection, Object Storage, Streaming, and FastEdge services. version: '2026-05-14T07:00:22.640261+00:00' servers: - url: https://api.gcore.com security: - APIKey: [] tags: - name: CDN service description: Information about the current state of the CDN service in your account. x-displayName: CDN service - name: CDN resources x-displayName: CDN resources - name: Origins x-displayName: Origins - name: Rules description: >- Rules allow to set up custom settings for certain file types or paths. By default, the rule inherits all options values from the related CDN resource. Each option in rule settings can be in one of the following states: - **Inherit** - Option is not added to the rule. Option inherits its value from the CDN resource settings. In this case, the option value is **null**. - **ON** - Option is added to the rule and enabled. Option values configured in the rule will override values from the CDN resource settings. - **OFF** - Option is added to the rule and disabled. Option will be turned off. x-displayName: Rules - name: Rule templates x-displayName: Rule templates - name: SSL certificates x-displayName: SSL certificates - name: Let's Encrypt certificates x-displayName: Let's Encrypt certificates - name: CA certificates x-displayName: CA certificates - name: CDN activity logs description: |- Get the history of users requests to CDN. It contains requests made both via the API and via the control panel. The following methods are not tracked in the activity logs: - HEAD - OPTIONS x-displayName: CDN activity logs - name: Log viewer description: >- Log viewer provides you with general information about CDN operation. This information does not contain all possible sets of fields and restricted by time. To receive full data, use Logs Uploader. x-displayName: Log viewer - name: Logs uploader description: >- Logs uploader allows you to upload logs with desired format to desired storages. Consists of three main parts: - **Policies** - rules that define which logs are uploaded and how they are uploaded. - **Targets** - destinations where logs are uploaded. - **Configs** - combinations of logs uploader policies, targets and resources to which they are applied. x-displayName: Logs uploader - name: Tools x-displayName: Tools - name: CDN Statistics description: >- Consumption statistics is updated in near real-time as a standard practice. However, the frequency of updates can vary, but they are typically available within a 24-hour period. Exceptions, such as maintenance periods, may delay data beyond 24 hours until servers resume and fill in the missing statistics. x-displayName: Statistics - name: Advanced analytics description: >- Advanced analytics allows to get statistics about unique visitors, traffic, and requests for countries, directories, browsers, devices, and operation systems for up to 90 days starting from today. Advanced analytics API is based on the [GraphQL framework](https://graphql.org/). Advanced analytics API has one single endpoint: https://api.gcore.com/cdn/advanced/v2/query You can pass the query parameters as a JSON object in the payload of a POST request to this endpoint. You can use curl to make requests to the Advanced analytics API. Alternatively, you can use a GraphQL client to construct queries and pass requests to the Advanced analytics API. You can write queries in GraphQL much like in SQL: specify the data set (CDN resource), the metrics to retrieve (such as unique visitors and traffic), and filter or group by dimensions (for example, a country). x-displayName: Advanced analytics - name: Origin shielding x-displayName: Origin shielding - name: IP addresses list x-displayName: IP addresses list - name: Purge history x-displayName: Purge history paths: /cdn/resources/{id}: patch: tags: - Let's Encrypt certificates summary: Issue Let's Encrypt certificate description: >- Issue free Let's Encrypt certificate for the CDN resource. Before issuing the certificate, you need to: - Delegate your domain to our name servers, if the CDN resource accelerates the entire site. - Specify all CNAMEs in the personal zone, if the CDN resource accelerates only static resources. - Create a Let's Encrypt certificate as described [here](/docs/api-reference/cdn/ssl-certificates/add-ssl-certificate). Let's Encrypt certificates will be issued for all CNAMEs of the CDN resource. Certificate issuing can take up to fifteen minutes. By default, we issue an ECDSA Let's Encrypt certificate. If you need a **RSA** certificate, you can [enable](/docs/api-reference/cdn/cdn-resources/change-cdn-resource) the "use_rsa_le_cert" option for your CDN resource. **Notes:** - When a certificate is issued, it will be applied to the CDN resource and HTTPS will be enabled automatically. - Let's Encrypt certificate will be automatically renewed before the expiration date. - Let's Encrypt certificate will be automatically updated and applied when deleting or adding additional CNAMEs of the CDN resource. **Challenge types:** By default, we issue Let's Encrypt certificates using the **HTTP-01** challenge. If you prefer to use **DNS-01** challenge, you can enable the "use_dns01_le_challenge" option for your CDN resource. Read more about [challenge types][1]. To issue Let's Encrypt certificate using the **DNS-01** challenge the steps below should be done before request issuance: 1. The DNS service is activated. 2. `use_dns01_le_challenge` [option](/docs/api-reference/cdn/cdn-resources/change-cdn-resource) is enabled. 3. `_acme-challenge` subdomain or resource's domain is delegated to our nameservers. To find out the nameservers for your account, use the GET request `/dns/v2/platform/info`. Use retrieved `name_server_1` and `name_server_2` values from the settings object to create NS records. [1]: https://letsencrypt.org/docs/challenge-types/ operationId: issue-lets-encrypt-certificate parameters: - in: path name: id description: CDN resource ID. required: true schema: type: integer requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AttachLECert' responses: '200': description: Successful. '400': description: Failed to issue the Let's Encrypt certificate. content: application/json: schema: oneOf: - $ref: '#/components/schemas/LetsEncryptCertificateAlreadyAttached' - $ref: '#/components/schemas/WildcardResourceCnameSSLLEError' components: schemas: AttachLECert: type: object properties: sslData: type: integer description: >- ID of Let's Encrypt certificate obtained [here](/docs/api-reference/cdn/ssl-certificates/add-ssl-certificate). It can be used only with "sslEnabled": true. example: 192 sslEnabled: type: boolean description: >- Defines whether the HTTPS protocol is enabled for CDN resource. Possible values: - **true** — HTTPS is enabled for the CDN resource. Certificate can be linked. - **false** — HTTPS is disabled for the CDN resource. Certificate cannot be linked. example: true required: - sslData - sslEnabled LetsEncryptCertificateAlreadyAttached: title: Let's Encrypt certificate is attached to another resource type: object properties: errors: type: object properties: sslData: type: array items: type: string description: >- Let's Encrypt certificates can't be attached to multiple resources. This error occurred because certificate is already attached to other resource. example: - >- You cannot attach this Let's Encrypt SSL certificate because it is already attached to another resource. WildcardResourceCnameSSLLEError: title: Wildcard resource's cname type: object properties: errors: type: object properties: sslData: type: array items: type: string description: >- The resource has a wildcard additional CNAME. In this case, you can use only your own certificate for content delivery via HTTPS. example: - >- We cannot issue a Let's Encrypt certificate for a resource with a wildcard cname. securitySchemes: APIKey: description: >- API key for authentication. Make sure to include the word `apikey`, followed by a single space and then your token. Example: `apikey 1234$abcdef` type: apiKey in: header name: Authorization ````